Diffstat (limited to 'playbooks/aws/openshift-cluster')
| -rw-r--r-- | playbooks/aws/openshift-cluster/build_ami.yml | 8 | ||||
| -rw-r--r-- | playbooks/aws/openshift-cluster/build_node_group.yml | 31 | ||||
| -rw-r--r-- | playbooks/aws/openshift-cluster/provision.yml | 49 | ||||
| -rw-r--r-- | playbooks/aws/openshift-cluster/provision_nodes.yml | 19 | ||||
| -rw-r--r-- | playbooks/aws/openshift-cluster/vars.yml | 11 | 
5 files changed, 76 insertions, 42 deletions
|
diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml
index d27874200..998cf4340 100644
--- a/playbooks/aws/openshift-cluster/build_ami.yml
+++ b/playbooks/aws/openshift-cluster/build_ami.yml
@@ -24,6 +24,14 @@
       r_openshift_aws_ssh_keys_users: "{{ provision.instance_users }}"
       r_openshift_aws_ssh_keys_region: "{{ provision.region }}"
+  - name: Create compute sgs
+    include_role:
+      name: openshift_aws_sg
+    vars:
+      r_openshift_aws_sg_clusterid: "{{ provision.clusterid }}"
+      r_openshift_aws_sg_region: "{{ provision.region }}"
+      r_openshift_aws_sg_type: compute
+
   - name: fetch the default subnet id
     ec2_vpc_subnet_facts:
       region: "{{ provision.region }}"
diff --git a/playbooks/aws/openshift-cluster/build_node_group.yml b/playbooks/aws/openshift-cluster/build_node_group.yml
index 3ef492238..5b0330e46 100644
--- a/playbooks/aws/openshift-cluster/build_node_group.yml
+++ b/playbooks/aws/openshift-cluster/build_node_group.yml
@@ -1,47 +1,48 @@
 ---
 - name: fetch recently created AMI
   ec2_ami_find:
-    region: "{{ provision.region }}"
+    region: "{{ openshift_region }}"
     sort: creationDate
     sort_order: descending
-    name: "{{ provision.build.ami_name }}*"
-    ami_tags: "{{ provision.build.openshift_ami_tags }}"
+    name: "{{ openshift_ami_name }}*"
+    ami_tags: "{{ openshift_ami_tags }}"
     #no_result_action: fail
   register: amiout
+  when: not openshift_use_custom_ami
 - block:
   - name: "Create {{ openshift_build_node_type }} sgs"
     include_role:
       name: openshift_aws_sg
     vars:
-      r_openshift_aws_sg_clusterid: "{{ provision.clusterid }}"
-      r_openshift_aws_sg_region: "{{ provision.region }}"
+      r_openshift_aws_sg_clusterid: "{{ openshift_clusterid }}"
+      r_openshift_aws_sg_region: "{{ openshift_region }}"
       r_openshift_aws_sg_type: "{{ openshift_build_node_type }}"
   - name: "generate a launch config name for {{ openshift_build_node_type }}"
     set_fact:
-      launch_config_name: "{{ provision.clusterid }}-{{ openshift_build_node_type }}-{{ ansible_date_time.epoch }}"
+      launch_config_name: "{{ openshift_clusterid }}-{{ openshift_build_node_type }}-{{ ansible_date_time.epoch }}"
   - name: create "{{ openshift_build_node_type }} launch config"
     include_role:
       name: openshift_aws_launch_config
     vars:
       r_openshift_aws_launch_config_name: "{{ launch_config_name }}"
-      r_openshift_aws_launch_config_clusterid: "{{ provision.clusterid }}"
-      r_openshift_aws_launch_config_region: "{{ provision.region }}"
-      r_openshift_aws_launch_config: "{{ provision.node_group_config }}"
+      r_openshift_aws_launch_config_clusterid: "{{ openshift_clusterid }}"
+      r_openshift_aws_launch_config_region: "{{ openshift_region }}"
+      r_openshift_aws_launch_config: "{{ openshift_node_group_config }}"
       r_openshift_aws_launch_config_type: "{{ openshift_build_node_type }}"
-      r_openshift_aws_launch_config_custom_image: "{{ '' if 'results' not in amiout else amiout.results[0].ami_id }}"
+      r_openshift_aws_launch_config_custom_image: "{{ '' if 'results' not in amiout and amiout.results|length > 0 else amiout.results[0].ami_id }}"
       r_openshift_aws_launch_config_bootstrap_token: "{{ (local_bootstrap['content'] |b64decode) if local_bootstrap is defined else '' }}"
   - name: "create {{ openshift_build_node_type }} node groups"
     include_role:
       name: openshift_aws_node_group
     vars:
-      r_openshift_aws_node_group_name: "{{ provision.clusterid }} openshift {{ openshift_build_node_type }}"
+      r_openshift_aws_node_group_name: "{{ openshift_clusterid }} openshift {{ openshift_build_node_type }}"
       r_openshift_aws_node_group_lc_name: "{{ launch_config_name }}"
-      r_openshift_aws_node_group_clusterid: "{{ provision.clusterid }}"
-      r_openshift_aws_node_group_region: "{{ provision.region }}"
-      r_openshift_aws_node_group_config: "{{ provision.node_group_config }}"
+      r_openshift_aws_node_group_clusterid: "{{ openshift_clusterid }}"
+      r_openshift_aws_node_group_region: "{{ openshift_region }}"
+      r_openshift_aws_node_group_config: "{{ openshift_node_group_config }}"
       r_openshift_aws_node_group_type: "{{ openshift_build_node_type }}"
-      r_openshift_aws_node_group_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
+      r_openshift_aws_node_group_subnet_name: "{{ openshift_subnet_name }}"
diff --git a/playbooks/aws/openshift-cluster/provision.yml b/playbooks/aws/openshift-cluster/provision.yml
index dfbf61cc7..88ab0ecb1 100644
--- a/playbooks/aws/openshift-cluster/provision.yml
+++ b/playbooks/aws/openshift-cluster/provision.yml
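Review bot: The new `r_openshift_aws_launch_config_custom_image` expression cannot reach its empty-string branch safely: `'results' not in amiout and amiout.results|length > 0` dereferences `amiout.results` exactly when the first half has established that the key is absent, and when the key is present the condition is false, so `amiout.results[0]` is indexed even for an empty list. With the added `when: not openshift_use_custom_ami`, a skipped lookup normally registers `amiout` without `results`, so this is the path the new flag exercises. The guard should read `"{{ '' if 'results' not in amiout or amiout.results|length == 0 else amiout.results[0].ami_id }}"`. Because `#no_result_action: fail` stays commented out, an empty match would then presumably fall back to the configured AMI without any signal; a comment stating whether that fallback is intended would help, since it decides which image the node group boots.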
@@ -16,6 +16,27 @@
       r_openshift_aws_vpc_tags: "{{ provision.vpc.tags }}"
       r_openshift_aws_vpc_name: "{{ provision.vpc.name | default(provision.clusterid) }}"
+  - name: bring iam_cert23 into scope
+    include_role:
+      name: lib_utils
+
+  - name: upload certificates to AWS IAM
+    iam_cert23:
+      state: present
+      name: "{{ provision.clusterid }}-master-external"
+      cert: "{{ provision.iam_cert_ca.cert_path }}"
+      key: "{{ provision.iam_cert_ca.key_path }}"
+      cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
+    register: elb_cert_chain
+    failed_when:
+    - "'failed' in elb_cert_chain"
+    - elb_cert_chain.failed
+    - "'msg' in elb_cert_chain"
+    - "'already exists' not in elb_cert_chain.msg"
+    when: provision.iam_cert_ca is defined
+
+  - debug: var=elb_cert_chain
+
   - name: create aws ssh keypair
     include_role:
       name: openshift_aws_ssh_keys
@@ -36,6 +57,13 @@
     include: build_node_group.yml
     vars:
       openshift_build_node_type: master
+      openshift_clusterid: "{{ provision.clusterid }}"
+      openshift_region: "{{ provision.region }}"
+      openshift_use_custom_ami: "{{ provision.use_custom_ami }}"
+      openshift_ami_name: "{{ provision.build.ami_name }}"
+      openshift_ami_tags: "{{ provision.build.ami_tags }}"
+      openshift_node_group_config: "{{ provision.node_group_config }}"
+      openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
   - name: fetch new master instances
     ec2_remote_facts:
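Review bot: The `failed_when` list on the relocated `upload certificates to AWS IAM` task treats any failure whose message contains `already exists` as success, so a rerun after the files behind `provision.iam_cert_ca.cert_path` have been replaced leaves the previously uploaded certificate in IAM with no signal to the operator. Nothing visible in the hunk compares the stored certificate with the local one, so I would at least document it on the task, for example `# NOTE: an existing IAM cert with this name is kept as-is; rotate by changing the name`. Because the four conditions are ANDed, a failure that carries no `msg` key is also reported as success. The unconditional `- debug: var=elb_cert_chain` prints the whole module result on every run, including runs where the upload was skipped; dropping it or gating it with the debug module's `verbosity` option keeps certificate details out of routine logs.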
@@ -49,27 +77,6 @@
     delay: 3
     until: instancesout.instances|length > 0
-  - name: bring iam_cert23 into scope
-    include_role:
-      name: lib_utils
-
-  - name: upload certificates to AWS IAM
-    iam_cert23:
-      state: present
-      name: "{{ provision.clusterid }}-master-external"
-      cert: "{{ provision.iam_cert_ca.cert_path }}"
-      key: "{{ provision.iam_cert_ca.key_path }}"
-      cert_chain: "{{ provision.iam_cert_ca.chain_path | default(omit) }}"
-    register: elb_cert_chain
-    failed_when:
-    - "'failed' in elb_cert_chain"
-    - elb_cert_chain.failed
-    - "'msg' in elb_cert_chain"
-    - "'already exists' not in elb_cert_chain.msg"
-    when: provision.iam_cert_ca is defined
-
-  - debug: var=elb_cert_chain
-
   - name: create our master external and internal load balancers
     include_role:
       name: openshift_aws_elb
diff --git a/playbooks/aws/openshift-cluster/provision_nodes.yml b/playbooks/aws/openshift-cluster/provision_nodes.yml
index 5428fb307..87629e354 100644
--- a/playbooks/aws/openshift-cluster/provision_nodes.yml
+++ b/playbooks/aws/openshift-cluster/provision_nodes.yml
@@ -36,12 +36,27 @@
         infra: "infra-{{ ansible_date_time.epoch }}"
         compute: "compute-{{ ansible_date_time.epoch }}"
-  - name: include build node group
+  - name: include build node group for infra
     include: build_node_group.yml
     vars:
       openshift_build_node_type: infra
+      openshift_clusterid: "{{ provision.clusterid }}"
+      openshift_region: "{{ provision.region }}"
+      openshift_use_custom_ami: "{{ proviion.use_custom_ami }}"
+      openshift_ami_name: "{{ provision.build.ami_name }}"
+      openshift_ami_tags: "{{ provision.build.openshift_ami_tags }}"
+      openshift_node_group_config: "{{ provision.node_group_config }}"
+      openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
-  - name: include build node group
+
+  - name: include build node group for compute
     include: build_node_group.yml
     vars:
       openshift_build_node_type: compute
+      openshift_clusterid: "{{ provision.clusterid }}"
+      openshift_region: "{{ provision.region }}"
+      openshift_use_custom_ami: "{{ proviion.use_custom_ami }}"
+      openshift_ami_name: "{{ provision.build.ami_name }}"
+      openshift_ami_tags: "{{ provision.build.openshift_ami_tags }}"
+      openshift_node_group_config: "{{ provision.node_group_config }}"
+      openshift_subnet_name: "{{ provision.vpc.subnets[provision.region][0].az }}"
diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml
index 47da03cb7..1d91593e2 100644
--- a/playbooks/aws/openshift-cluster/vars.yml
+++ b/playbooks/aws/openshift-cluster/vars.yml
@@ -14,7 +14,7 @@ provision:
     # when creating an encrypted AMI please specify use_encryption
     use_encryption: False
-    openshift_ami_tags:
+    ami_tags:
       bootstrap: "true"
       openshift-created: "true"
       clusterid: "{{ clusterid }}"
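Review bot: Both new `openshift_use_custom_ami` lines in the provision_nodes.yml hunk read `proviion.use_custom_ami`, a name that is defined nowhere on this page, so the infra and compute includes would hit an undefined variable once build_node_group.yml evaluates `when: not openshift_use_custom_ami`. They should be `openshift_use_custom_ami: "{{ provision.use_custom_ami }}"`, matching provision.yml. The two `openshift_ami_tags` lines still point at `provision.build.openshift_ami_tags`, while the vars.yml hunk of this same commit renames that key to `ami_tags` and provision.yml already reads `provision.build.ami_tags`. As written, the tag filter that scopes the AMI lookup would be undefined for infra and compute nodes, so both blocks should use `openshift_ami_tags: "{{ provision.build.ami_tags }}"`.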
@@ -22,6 +22,9 @@ provision:
   # Use s3 backed registry storage
   openshift_registry_s3: True
+  # whether to use custome ami for each node type
+  use_custom_ami: False
+
   # if using custom certificates these are required for the ELB
   iam_cert_ca:
     name: "{{ clusterid }}_openshift"
@@ -45,7 +48,7 @@ provision:
     # master specific cluster node settings
     master:
       instance_type: m4.xlarge
-      ami: ami-cdeec8b6  # if using an encrypted AMI this will be replaced
+      ami: ami-cdeec8b6  # if using an encrypted or custom AMI this will be replaced
       volumes:
       - device_name: /dev/sdb
         volume_size: 100
@@ -65,7 +68,7 @@ provision:
     # compute specific cluster node settings
     compute:
       instance_type: m4.xlarge
-      ami: ami-cdeec8b6
+      ami: ami-cdeec8b6  # if using an encrypted or custom AMI this will be replaced
       volumes:
       - device_name: /dev/sdb
         volume_size: 100
@@ -84,7 +87,7 @@ provision:
     # infra specific cluster node settings
     infra:
       instance_type: m4.xlarge
-      ami: ami-cdeec8b6
+      ami: ami-cdeec8b6  # if using an encrypted or custom AMI this will be replaced
       volumes:
       - device_name: /dev/sdb
         volume_size: 100
|
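Review bot: The comment added above `use_custom_ami` (`# whether to use custome ami for each node type`) has a typo and does not say what the flag switches, which matters because it decides which image the nodes boot from. In build_node_group.yml as changed by this commit, the `fetch recently created AMI` lookup runs only when the flag is false, which suggests that true means "use the per-node-type `ami` values below"; the three updated `ami:` comments, however, say the value is replaced when a custom AMI is used. Once the intended meaning is confirmed I would reword it along the lines of `# when true, skip the lookup of the most recently built AMI and use each node type's ami below`, and align the `ami:` comments in the later hunks with it.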
